README

gocloak-echo

FOSSA Status

Keycloak handler & middleware for echo

This project is still a work in progress (WiP), and the interfaces may change often.

Supported authentication flows:

  • Direct Grant Flow

Use this together with the keycloak client gocloak

Usage examples

  • Install the package
go get "github.com/Nerzal/gocloak/v4"
// AuthenticationHandler is the contract for authenticating against the API.
//
// Each method returns a *gocloak.JWT or an error.
// NOTE(review): the returned token set is presumably a bearer credential;
// keep it out of logs and error messages.
type AuthenticationHandler interface {
	// RefreshToken takes a Refresh value and returns a token set.
	RefreshToken(Refresh) (*gocloak.JWT, error)
	// AuthenticateUser takes an Authenticate value and returns a token set.
	AuthenticateUser(Authenticate) (*gocloak.JWT, error)
	// AuthenticateClient takes an Authenticate value and returns a token set.
	AuthenticateClient(Authenticate) (*gocloak.JWT, error)
}
// AuthenticationMiddleWare is the contract for the echo middleware that
// validates the JWT.
//
// Every method wraps the next echo.HandlerFunc and returns the wrapped handler.
// NOTE(review): how the four checks differ is not described at this point;
// confirm which one a route needs before relying on it as the only guard.
type AuthenticationMiddleWare interface {
	DecodeAndValidateToken(next echo.HandlerFunc) echo.HandlerFunc
	CheckToken(next echo.HandlerFunc) echo.HandlerFunc
	CheckTokenCustomHeader(next echo.HandlerFunc) echo.HandlerFunc
	CheckScope(next echo.HandlerFunc) echo.HandlerFunc
}

Compatibility Matrix

This middleware uses echo and gocloak. Choose the right version for you

Versions Compatibility
gocloak-echo/v3 gocloak/v3, echo/v3
gocloak-echo/v4 gocloak/v3, echo/v4

License

FOSSA Status


Documentation

Index

Constants

// KeyRealm is the constant key string for the realm.
// NOTE(review): where this key is looked up (request context, path
// parameter, ...) is not shown here.
const KeyRealm = "realm"

Variables

This section is empty.

Functions

This section is empty.

Types

type Authenticate

// Authenticate holds authentication information.
//
// The struct tags give the JSON names used when a value is encoded or decoded.
// ClientSecret and Password carry ordinary JSON tags, so they are included in
// any marshalled form of the value; keep marshalled values and %+v dumps of
// this struct out of logs and error responses.
//
// ClientID and ClientSecret have no omitempty and are always emitted, even
// when empty. Realm and Scope are omitted when empty. UserName and Password
// are pointers with omitempty, so a nil pointer is left out of the JSON.
// NOTE(review): which fields each AuthenticationHandler method requires is
// not shown here; confirm against the implementation.
type Authenticate struct {
	ClientID     string  `json:"clientID"`
	ClientSecret string  `json:"clientSecret"`
	Realm        string  `json:"realm,omitempty"`
	Scope        string  `json:"scope,omitempty"`
	UserName     *string `json:"username,omitempty"`
	Password     *string `json:"password,omitempty"`
}

Authenticate holds authentication information

type AuthenticationHandler

// AuthenticationHandler is the contract for authenticating against the API.
//
// Each method returns a *JWT or an error.
// NOTE(review): the returned token set is presumably a bearer credential;
// keep it out of logs and error messages.
type AuthenticationHandler interface {
	// RefreshToken takes a Refresh value and returns a token set.
	RefreshToken(Refresh) (*JWT, error)
	// AuthenticateUser takes an Authenticate value and returns a token set.
	AuthenticateUser(Authenticate) (*JWT, error)
	// AuthenticateClient takes an Authenticate value and returns a token set.
	AuthenticateClient(Authenticate) (*JWT, error)
}

AuthenticationHandler is used to authenticate with the api

func NewAuthenticationHandler

func NewAuthenticationHandler(gocloak gocloak.GoCloak, realm *string) AuthenticationHandler

NewAuthenticationHandler instantiates a new AuthenticationHandler. Setting realm is optional.

type AuthenticationMiddleWare

// AuthenticationMiddleWare is the contract for the echo middleware that
// validates the JWT. Every method wraps the next echo.HandlerFunc.
type AuthenticationMiddleWare interface {
	// CheckScope needs higher permissions of the client in the realm.
	// NOTE(review): presumably compares the token's scope with the
	// allowedScope given to NewDirectGrantMiddleware; confirm.
	CheckScope(next echo.HandlerFunc) echo.HandlerFunc

	// CheckTokenCustomHeader needs higher permissions of the client in the
	// realm.
	// NOTE(review): presumably reads the token from the header named by
	// customHeaderName; confirm.
	CheckTokenCustomHeader(next echo.HandlerFunc) echo.HandlerFunc

	// CheckToken has no description of its own here.
	// NOTE(review): confirm how it differs from DecodeAndValidateToken
	// before choosing which one guards a route.
	CheckToken(next echo.HandlerFunc) echo.HandlerFunc

	// DecodeAndValidateToken decodes the token and checks if it is valid.
	DecodeAndValidateToken(next echo.HandlerFunc) echo.HandlerFunc
}

AuthenticationMiddleWare is used to validate the JWT

func NewDirectGrantMiddleware

func NewDirectGrantMiddleware(gocloak gocloak.GoCloak, realm, clientID, clientSecret, allowedScope string, customHeaderName *string) AuthenticationMiddleWare

NewDirectGrantMiddleware instantiates a new AuthenticationMiddleWare when using the Keycloak Direct Grant aka Resource Owner Password Credentials Flow

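See https://www.keycloak.org/docs/latest/securing_apps/index.html#_resource_owner_password_credentials_flow and https://tools.ietf.org/html/rfc6749#section-4.3 for more information about this flow. In this flow the client handles the user's password directly, and the OAuth 2.0 Security Best Current Practice (RFC 9700) states that this grant must not be used; prefer the authorization code flow with PKCE where the deployment allows it.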

type JWT

// JWT is the token set returned by the AuthenticationHandler methods.
//
// AccessToken and RefreshToken carry ordinary JSON tags, so both are included
// in any marshalled form of the value.
// NOTE(review): both are presumably bearer credentials; keep marshalled values
// and %+v dumps of this struct out of logs, and only return them to the party
// that authenticated.
// NOTE(review): the units of ExpiresIn and RefreshExpiresIn are not shown here
// (presumably seconds); confirm before using them for expiry checks.
type JWT struct {
	AccessToken      string `json:"accessToken"`
	ExpiresIn        int    `json:"expiresIn"`
	RefreshExpiresIn int    `json:"refreshExpiresIn"`
	RefreshToken     string `json:"refreshToken"`
	TokenType        string `json:"tokenType"`
	NotBeforePolicy  int    `json:"notBeforePolicy"`
	SessionState     string `json:"sessionState"`
	Scope            string `json:"scope"`
}

JWT holds the access token, the refresh token and the related token metadata.

type Refresh

// Refresh is used to refresh the JWT.
//
// ClientSecret and RefreshToken carry ordinary JSON tags, so both are included
// in any marshalled form of the value; keep marshalled values and %+v dumps of
// this struct out of logs and error responses.
// ClientID and ClientSecret are always emitted, even when empty. Realm and
// RefreshToken are omitted from the JSON when empty.
type Refresh struct {
	ClientID     string `json:"clientID"`
	ClientSecret string `json:"clientSecret"`
	Realm        string `json:"realm,omitempty"`
	RefreshToken string `json:"refreshToken,omitempty"`
}

Refresh is used to refresh the JWT